Since I'm very new to SSL certificates, and the creation and usage of them I figured maybe StackOverflow members can help me out.

I'm from Holland, the common way of online payments is by implementing iDEAL. An online payment protocol supported by the major banks. I have to implement a 'professional' version. This includes creating a RSA private key. Based on that key I have to create a certificate and upload it to the webserver.

I'm on a Windows machine and completely confused what to do. I took a look at the OpenSSL website, because the manual forwarded me to that website to get a SSL Toolkit.

The manual provides two commands which have to be executed in order to create a RSA key and a certificate.

Is there a way I can do this by a utility on a windows machine? I've downloaded PuTTy KeyGenerator. But I'm not sure what to do, I've created a key (SSH-2 RSA, whatever that is..) but how do I create a certificate with that key?

If you're on windows and using apache, maybe via WAMP or the Drupal stack installer, you can additionally download the git for windows package, which includes many useful linux command line tools, one of which is openssl.

The following command creates the self signed certificate and key needed for apache and works fine in windows:

Beware: Private keys should never be transfered over public networks; and they should really never be generated on a machine you don't have full control over. - So, use the output from cert-depot.com for testing and development but make sure your production certificates are created in a trusted environment. - Dima, I'm not implying your service is not trustworthy, but common security practices prohibit the use of those certs for production environments. That said, I'm now going to get a certificate from your site for my new development server; thank you for that convenient service. :)
–
Hanno BinderDec 11 '12 at 8:49

4

I agree with every word, Hanno. Moreover, even if the connection is secured, one shouldn't trust third party to create private keys for him (they can be stored and used later on). Wherever I could I've tried to emphasize that the generated certs are suitable for dev / test purposes only.
–
Dima StopelDec 18 '12 at 19:25

2

Thanks for the handy dev tool Dima but your statement of, "wherever I could I've tried to emphasize that the generated certs are suitable for dev / test purposes only," is not currently true. The home page would be a perfect place to put that kind of disclaimer, and it just isn't there.
–
Jeremy CookSep 26 '14 at 14:35